
Help me stop Spam routing through my server


BadDog

MIS
Aug 19, 1999
US
I have set the Internet Mail Service to allow routing only for clients who authenticate. However, I am still getting messages in the queue with the from "<>" deally (spam) going out to various recipients. What else can I do to stop this?

 
I am having the same problem with someone relaying or sending spam from my server. The 'From:' address field appears as '<>'. The link provided takes me to the Technet home page. Can anyone tell me how to stop this?

Environment:

Exchange Server 5.5 SP2
NT 4.0 Server SP6a
 
Upgrade your Exchange to at least SP3 as you need the new routing files.

Then follow the FAQ in this forum.
 
Zel,

Thanks, but I'm afraid I mis-stated my environment. My Exchange server is actually at service pack 4.

Can you be more specific as to what disables this? As I understand it, someone is using the NDR features of Exchange to relay their mail.
 
1. SP. After SP3 the routing is changed to better protect your server and route more efficiently.
2. NDR. Send an email to a badly set up Exchange server using any old address and you get an NDR. This gives you plenty of information about the server and you can use that to relay through it.

Read my FAQ in this forum on relaying (it's cut from a really good FAQ on my web site so there aren't any screen shots or anything). It tells you what to do.
 
In Exchange Admin > Internet Mail Service > Routing tab > Routing restrictions, choose "Host and clients that successfully authenticate" and "Host and clients with these IP addresses", but do not put any entry on the list of IP addresses.
 
I too had some issues with this but have since followed the directions here and now when I do the tests I get the desired results. But is it possible that, since it was open at one time, my GAL was accessed and now they know all our e-mail addresses? Also, it seems as though the rate of virus-laden e-mails has increased since I blocked relaying. Could there be a correlation?
TMP
 
I thank everyone that responded to this post to offer their advice. Zel's FAQs were very informative. I've done some more extensive testing and believe that the mail I see from "<>" is not being relayed and that is why I see it sitting in the queue. I am able to reproduce the conditions that I believe cause this and each test produced the error 550 "Relaying mail prohibited".

As I understand it, the "<>" is accepted by Exchange as a valid from address, but Exchange will not route messages that are not being sent exclusively to a valid domain address if routing is set up properly to prevent relaying. Can anyone confirm this?
 
Regarding "<>"
That is correct. If you wish to take it a step further, I suggest adding the addresses you see in the queue to your Message Filter. Gradually less and less such entries will be found.
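
The relay test described in the posts above, written out as an added example (not code from the thread or from Microsoft): it opens an unauthenticated SMTP session to a server you administer, sends the null sender `<>`, and reads the reply to an external recipient. The host name, HELO name, addresses and the function names `classify_relay_test` and `probe` are assumptions made for the example; the sample replies are constructed.

```python
import smtplib

def _text(reply):
    """Render a (code, message) SMTP reply; smtplib returns the message as bytes."""
    code, msg = reply
    if isinstance(msg, bytes):
        msg = msg.decode("ascii", "replace")
    return "%d %s" % (code, msg)

def classify_relay_test(mail_reply, external_reply, local_reply):
    """Turn the three replies of one null-sender test into (verdict, notes)."""
    if mail_reply[0] // 100 != 2:
        # Without an accepted MAIL command the RCPT replies say nothing about relaying.
        return "inconclusive", ["MAIL FROM:<> refused: " + _text(mail_reply)]
    notes = ["MAIL FROM:<> accepted (expected: NDRs use the null sender)"]
    reply_class = external_reply[0] // 100
    if reply_class == 2:
        verdict = "OPEN RELAY"      # external recipient accepted without authentication
    elif reply_class == 5:
        verdict = "relay closed"    # permanent rejection, e.g. 550
    else:
        verdict = "inconclusive"    # e.g. 4xx temporary failure, test again later
    notes.append("external RCPT: " + _text(external_reply))
    if local_reply[0] // 100 != 2:
        notes.append("local RCPT refused, inbound mail may be broken: " + _text(local_reply))
    return verdict, notes

def probe(host, external_rcpt, local_rcpt, port=25, timeout=15):
    """Run the test unauthenticated against a server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.helo("relaytest.example")             # placeholder HELO name
        mail_reply = smtp.mail("")                 # smtplib sends the empty sender as <>
        external_reply = smtp.rcpt(external_rcpt)  # must be rejected on a closed relay
        smtp.rset()
        smtp.mail("")
        local_reply = smtp.rcpt(local_rcpt)        # must still be accepted
        smtp.rset()
    return classify_relay_test(mail_reply, external_reply, local_reply)

# Constructed replies; the 550 text is the one quoted in the thread.
CLOSED = ((250, b"OK"), (550, b"Relaying mail prohibited"), (250, b"OK"))
OPEN = ((250, b"OK"), (250, b"OK"), (250, b"OK"))

if __name__ == "__main__":
    for name, replies in (("closed", CLOSED), ("open", OPEN)):
        print(name, classify_relay_test(*replies))
```

Run `probe()` from a machine outside the IP ranges the server trusts, otherwise a "relay closed" result only reflects how the server treats that one client.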
 
Being in the same boat and still seeing messages from "<>" in my queue and not quite understanding Noktar's last message, could you clarify for me? How can I put the address in the message filter if there really is no address? I don't really want to put the destination address since they weren't the ones originating the relay.

Thanks for the help.

So seeing these messages from "<>" stuck in the queue is a good thing, right?

TMP
 
These are mainly probes; your server doesn't route, so they're stuck in a queue till they time out and get dropped. I naturally keep getting new ones, all with weird domain names, several times a week. So yes, I filter based on destination address all traffic originating at "<>". It has worked for me for a long time now. My filter currently has some 1500 entries but my users never get spammed.
 
Sounds good enough for me. I'll give it a try.

Thanks!
 
Hi, all

Has anyone traced the source of the < > mail?
We have the same problem with < > stuck in the queue after closing the relay, but when I examined the log, I found that this seems to be an NDR but... not really an NDR. I don't know why Exchange generated this, because I found that for each < > email there is an entry in the receiving log, then Exchange sends an email back to the sender but just without the sender info.
Has anyone had a similar situation?

 
I have the same problem with originator < > stuck in the queue. My relay is closed, but when I examined it, I found that this seems to be a problem when a deleted mailbox tries to send an unknown recipient report to a junk mail, and the junk mail has no receiving address or it is hidden, and they are stuck in the outgoing queue. Is there a way I can stop the Exchange server from sending unknown recipient reports? I have a few deleted mailboxes and they are receiving junk mail.
 